Tags:

September 5, 2013

EPIC, Privacy Groups, Urge FTC to Block Facebook Policy Changes

EPIC, joined by several leading privacy and consumer protection organizations, has called on the Federal Trade Commission to enforce the terms of a 2011 settlement with Facebook. Facebook recently announced changes that would allow the company to routinely use the names, images, and content of Facebook users for commercial advertising without consent. The changes arise from a flawed class action settlement over Facebook’s Sponsored Stories program. In the letter, the privacy groups explain that Facebook’s changes violate the terms of a 2011 settlement with the FTC. For more information, see EPIC: Federal Trade Commission and EPIC: Facebook Privacy.

September 6, 2013

A recent survey by the Pew Research Center's Internet Project has discovered that 86 percent of Americans take steps to conceal their actions or identities while online. The survey also found that 21 percent had an email or social networking account compromised or taken over by someone else without permission. Furthermore, the majority of respondents believe that "current laws are not good enough in protecting people's privacy online." Other Pew surveys have found that most teens were taking steps to protect their privacy, that a majority of parents were concerned about their children's online privacy, and that users were becoming more active in managing their social media accounts. For more information, see EPIC: Public Opinion on Privacy.

Tags:

September 10, 2013

The Court of Appeals for the Ninth Circuit has upheld a lower court ruling against Google in a case arising out of the Street View interception of private Wi-Fi communications. The lawsuit alleges that Google's ongoing interception of Wi-Fi payload data through its Street View program violated several laws, including the federal Wiretap Act. The court rejected Google's arguments that the interception was permissible. The court said that Google's interpretation could have the absurd result of rendering private communications, like email, unprotected simply because the recipient fails to encrypt their Wi-Fi network. Furthermore, the court explained that the unencrypted nature of the Wi-Fi networks did not make the data transmitted over them "readily accessible to the general public" because the data was still difficult for an ordinary person to intercept. EPIC filed a "friend of the court" brief in the case urging the court to uphold legal protections for Wi-Fi communications, and discussing both the intent of the federal law and the operation of a typical home W-Fi network. For more information, see EPIC: Ben Joffe v. Google and EPIC: Google Street View.

September 11, 2013

Office of National Intelligence Releases New Documents on NSA Surveillance

The Office of the Director of National Intelligence has just released new documents concerning the NSA's surveillance programs. The documents, which include numerous filings with the Foreign Intelligence Surveillance Court, date back to 2006. The documents specifically relate to the governments collection of information under Section 215 of the USA PATRIOT Act. In a Mandamus Petition to the United States Supreme Court, EPIC has argued that the FISA Court exceeded the statutory authority under Section 215 when it authorized bulk collection of American's telephone records in an Order concerning Verizon. Under Section 215, the FISA Court may order businesses to produce records that are "relevant" to an authorized national security investigation, but the Verizon Order requires production of all domestic telephone records on an ongoing basis. For more information, see EPIC: In re EPIC - NSA Telephone Records Surveillance.

September 13, 2013

Pressure Mounts on Facebook to Withdraw Proposed Changes, New Scrutiny of "Faceprints"

Facebook is under increasing pressure to withdraw proposed changes that would allow the company to use the names, images, and content of Facebook users for advertising without consent. After EPIC and several privacy groups wrote to the Federal Trade Commission that the changes would violate a 2011 Consent Order, the Commission has opened an investigation. Senator Ed Markey also wrote to the FTC, stating that Facebook's changes "raise[] a number of questions about whether Facebook is improperly altering its privacy policy without proper user consent and, if the changes go into effect, the degree to which Facebook users will lose control over their personal information." Senator Al Franken has called on Facebook to reconsider expansion of its facial recognition activity. In a letter to Mark Zuckerberg, Senator Franken asked "How many face prints does Facebook have?" For more information, see EPIC: EPIC: Federal Trade Commission and EPIC: Facebook Privacy.

Tags:

September 15, 2013

OECD Releases Updated Privacy Guidelines

The Organization for Economic Cooperation and Development has released the 2013 revisions to its privacy guidelines. The revisions build from the original guidelines, developed in 1980, and retain the core set of Fair Information Practices while updating the framework to address new challenges, such as national implementation and cross-border enforcement. The OECD explains that the revisions aim to "focus on the practical implementation of privacy protection" and to "address the global dimension of privacy through improved interoperability." EPIC Executive Director Marc Rotenberg, a member of the expert review group, has said that “the OECD Privacy Guidelines are the most influential international framework for privacy ever established.” For more information, see EPIC: International Privacy Standards.

TSA Seeks to Remove Privacy Act Safeguards for TSA PreCheck

The TSA has proposed to exempt a new TSA PreCheck database from important Privacy Act safeguards. TSA PreCheck allow the federal agency to grant expedited screening to certain travelers. The TSA PreCheck database contains personally identifiable information, including name, birthdate, biometric information, Social Security Number, and financial information. The TSA proposes to disclose TSA PreCheck applicant information to federal, state, tribal, local, territorial, and foreign governmental agencies. The TSA also proposes to exempt these records from the notification, access, and amendment provisions of the federal Privacy Act, the primary law that protects personal information held by the federal government. EPIC has previously testified before Congress that traveler screening procedures should follow all Privacy Act requirements. Comments on the proposed exemptions are due October 11, 2013.

September 20, 2013

The Foreign Intelligence Surveillance Court (FISC) has released an Opinion, justifying the NSA's telephone record collection program. In the Opinion, Judge Claire Eagan states that "there is no Fourth Amendment impediment to the collection" of all domestic call detail records. Judge Eagan also concluded that all domestic call detail records are "relevant" under Section 215 because "individuals associated with international terrorist organizations use telephonic systems to communicate" and because the government argued that bulk collection is 'necessary to create a historical repository of metadata' in order to identify 'known and unknown operatives. This FISC opinion was issued more than a month after EPIC filed its Mandamus Petition challenging the NSA domestic surveillance in the U.S. Supreme Court. The Eagan opinion has also been criticized by legal scholars. For more information, see In re EPIC.

Tags:

September 21, 2013

Sen. Franken Questions Apple on iPhone Fingerprint Scanning

Senator Al Franken has raised questions about the privacy and security implications of the fingerprint reader on Apple's new iPhone 5S. "If someone hacks your password, you can change it—as many times as you want. You can't change your fingerprints," Senator Franken wrote. He also pressed Apple for additional details on the protection available to users against law enforcement access to biometric data. In Congressional testimony, EPIC has previously warned that biometric identifiers will "allow for greater data collection and tracking of individuals." For more information, see EPIC: Biometric Identifiers.

Tags:

September 24, 2013

Senators Call for Public Report by IC Inspector General on NSA Surveillance

A bipartisan group of Senators, including the Chairman and Ranking Members of the Senate Judiciary Committee, have called for a full-scale review of the use of surveillance authorities by the intelligence community. The Senators emphasized that the findings and conclusions of this review be made public to "help promote greater oversight, transparency, and public accountability." The requested report would address activities conducted under Section 215 of the USA PATRIOT Act and Section 702 of the FISA, which includes the collection of the telephone call records of hundreds of millions of Americans. Specifically, the report would review the use and implementation of 215 and 702, the applicable minimization procedures, any improper use of the authorities, and examine the effectiveness over the 2010-2013 period. EPIC is currently challenging the order for bulk collection of domestic call records in its Petition for Writ of Mandamus in the U.S. Supreme Court. For more information, see In re EPIC and EPIC: FISA Reform.

Tags:

California Enacts Strong Digital Privacy Law for Minors

California Gov. Jerry Brown today signed a law to protect Privacy Rights for California Minors in the Digital World. The law, which goes into effect Jan. 1, 2015, sets out a broad range of rights for minors concerning the collection and use of their personal information by commercial service providers. The law does not limit the rights of minors, it seeks to regulate the practices of businesses. EPIC has long advocated for the privacy rights of children, testifying before the House in 1996 in support of the Children's Online Privacy Protection Act and again before the Senate in 2010 as new technologies and business practices emerged. EPIC also wrote comments to the FTC in 2011 supporting stronger regulations to protect the data concerning children. Some organizations, financed by Internet companies, are opposing the legislation. For more information, see EPIC: Children's Online Privacy Protection Act.

Tags:

In EPIC FOIA lawsuit, ODNI Submits Documents for Court Review

Following EPIC's motion in a FOIA case against the Office of the Director of National Intelligence, the ODNI has submitted 21 disputed documents to a federal court regarding the consolidation of databases containing detailed personal information on US persons. The documents are among those EPIC requested through the Freedom of Information Act. ODNI withheld the documents and EPIC filed a lawsuit challenging the decision. EPIC is seeking the documents to determine whether the agency is complying with the Privacy Act. A federal judge ordered ODNI to produce the documents for the Court's examination. For more information, see EPIC: EPIC v. ODNI.

September 25, 2013

MacArthur Foundation Withdraws From Consumer Cy Pres Settlement

The prestigious MacArthur Foundation has asked to be removed from a controversial consumer privacy settlement. The foundation noted that it was not an appropriate cy pres recipient and asked that the funds be "redirected to other non-profit organizations engaged in the underlying issues." Consumer privacy organizations, including EPIC, have opposed the Fraley settlement stating that it violates a 2011 consent order with the Federal Trade Commission and that the cy pres allocations proposed do not reflect the interests of the class or the purpose of the litigation. A recent survey by Gigaom found that many of the named organizations are funded by Facebook and have no plans to assist class members. Public Citizen has appealed the settlement to the Ninth Circuit. The Federal Trade Commission has opened an investigation and Facebook has suspended implementation of the proposed privacy changes that would result from the settlement. For more information, see EPIC: Fraley v. Facebook.

Tags:

Senator Leahy Urges FISA Reform at Georgetown Law

Speaking at a conference hosted by the Georgetown University Law Center, the Chairman of the Senate Judiciary Committee called for an end "to the bulk collection of Americans' phone records." Senator Leahy said "the system set up in the 1970s to regulate the surveillance capabilities of our Intelligence Community is no longer working. We must recalibrate." Senator Leahy has introduced bipartisan legislation that would end the telephone record collection program, reduce secret law, and improve the structure of the Foreign Intelligence Surveillance Court. The Senate Judiciary Committee will hold an oversight hearing next week on the Foreign Intelligence Surveillance Act. EPIC has filed a petition with the US Supreme Court, arguing that the bulk collection of telephone toll records is unlawful. For more information, see EPIC - In re EPIC.

Tags:

September 26, 2013

Court Rules that Gmail Case Can Go Forward, Internet Users Do Not Consent to Routine Inspection of Private Email

A federal district court has ruled that Google may have violated the federal Wiretap Act when it routinely intercepted, read, and acquired the contents of email users for advertising purposes. "The court finds that it cannot conclude that any party -- Gmail users or non-Gmail users -- has consented to Google's reading of e-mail for the purposes of creating user profiles or providing targeted advertising," Judge Lucy Koh stated. The court rejected arguments from Google that the activity occurred in the "ordinary course of business." The court said that the interception must be "instrumental" to the provision of an email service and that Google's business interest was not sufficient to meet that test. The court also found that Google had not obtained consent from users for the ad profiling practices. According to the court, "Google has cited no case that stands for the proposition that users who send emails impliedly consent to interceptions and use of their communications by other . . . than the indented recipient of the email." The ruling applies also applies to Google Apps for Education, through which Google obtains emails from educational organizations of students, faculty, staff, and alumni. For more information, see EPIC - Gmail Privacy FAQ.